CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1914 – JDK: unspecified partial Java sandbox restrictions bypass
https://notcve.org/view.php?id=CVE-2015-1914
13 May 2015 — IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine. IBM Java 7 R1 anterior a SR3, 7 anterior a SR9, 6 R1 anterior a SR8 FP4, 6 anterior a SR16 FP4, y 5.0 anterior a SR16 FP10 permite a atacantes remotos evadir 'comprobaciones de permisos' y obtener información sensible a través de vectores relacionados con Java Virtual Ma... • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8892 – JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update
https://notcve.org/view.php?id=CVE-2014-8892
05 Feb 2015 — Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a S... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html •
CVSS: 10.0EPSS: 6%CPEs: 5EXPL: 0CVE-2014-8891 – JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update
https://notcve.org/view.php?id=CVE-2014-8891
05 Feb 2015 — Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a SR8-FP3, 7 anterio... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html •
CVSS: 9.1EPSS: 0%CPEs: 46EXPL: 0CVE-2014-3068 – JDK: Java CMS keystore provider potentially allows brute-force private key recovery
https://notcve.org/view.php?id=CVE-2014-3068
02 Dec 2014 — IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. IBM Java Runtime Environment (JRE) 7 R1 anterior a SR1 FP1 (7.1.1.1), 7 anterior a SR7 FP1 (7.0.7.1), 6 R1 anterior a SR8 FP1 (6.1.8.1), 6 anterior a SR16 FP1 (6.0.16.1), y anterior a 5.0 SR16 FP7 (5.0... • http://rhn.redhat.com/errata/RHSA-2015-0264.html • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 46EXPL: 0CVE-2014-3065 – JDK: privilege escalation via shared class cache
https://notcve.org/view.php?id=CVE-2014-3065
20 Nov 2014 — Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. Vulnerabilidad no especificada en IBM Java Runtime Environment (JRE) 7 R1 anterior a SR2 (7.1.2.0), 7 anterior a SR8 (7.0.8.0), 6 R1 anterior a SR8 FP2 (6.1.8.2), 6 anterior a SR16 FP2 (6.0.16.2), y anterior a S... • http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.8EPSS: 0%CPEs: 53EXPL: 0CVE-2014-0878 – JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers
https://notcve.org/view.php?id=CVE-2014-0878
26 May 2014 — The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output. El componente IBMSecureRandom en los proveedores criptográficos IBMJCE y IBMSecureRand... • http://secunia.com/advisories/59022 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0485
https://notcve.org/view.php?id=CVE-2013-0485
21 Jan 2014 — Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries. Vulnerabilidad no especificada en IBM Java SDK 7 en versiones anteriores a SR4-FP1, 6 en versiones anteriores a SR13-FP1, 5.0 en versiones anteriores a SR16-FP1 y 1.4.2 en versiones anteriores a SR13-FP16 tiene impacto desconocido y vectores de ataque relacionados con Class Libraries. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2013-4041 – JDK: unspecified sandbox bypass (JVM)
https://notcve.org/view.php?id=CVE-2013-4041
07 Nov 2013 — Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. Vulnerabilidad no especificada en el Java SDK de IBM 5.0.0 anteriores a SR16 FP4, 7.0.0 anteriores a SR6, 6.0.1 anteriores a SR7, y 6.0.0 anteriores a SR15 permite a atacantes remotos acceder clases restringidas a través de vectores no especificados. This update corrects several security vulnerabilities in the... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2013-5375 – JDK: unspecified sandbox bypass (XML)
https://notcve.org/view.php?id=CVE-2013-5375
07 Nov 2013 — Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL. Vulnerabilidad no especificada en IBM Java SDK 7.0.0 anteriores a SR6, 6.0.1 anteriores a SR7, 6.0.0 anteriores a SR15, y 5.0.0 anteriores a SR16 FP4 permite a atacantes remotos acceder a clases restringidas a través de vectores no especificados relacionados con XML y XSL. This update co... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1CVE-2013-5456 – JDK: unspecified sandbox bypass (ORB)
https://notcve.org/view.php?id=CVE-2013-5456
07 Nov 2013 — The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block. La clase com.ibm.rmi.io.SunSerializableFactory en IBM Java SDK 7.0.0 en versiones anteriores a SR6 permite a atacantes remotos eludir un mecanismo de protección de sandbox y ejecutar código arbitrario a través de vectores relacionados con deserializaci... • https://packetstorm.news/files/id/136662 •